add support for token provider #1587
Conversation
b4dd476 to
f514473
Compare
src/client.ts
Outdated
| @@ -438,6 +457,31 @@ export class OpenAI { | |||
| return Errors.APIError.generate(status, error, message, headers); | |||
| } | |||
|
|
|||
| async _setToken(): Promise<boolean> { | |||
There was a problem hiding this comment.
nit: I think "refresh" is a better verb than "set" here?
There was a problem hiding this comment.
The decision to refresh is taken by the input function and not by this method, i.e. it is not guaranteed that the token will be refreshed if this method is called. However, let me know if you feel strongly about it and I can update the name.
There was a problem hiding this comment.
I do dislike _set but don't feel strongly about it being called _refresh - I find it weird that a method called _setX() doesn't actually take any arguments.
fwiw I was also framing "refresh" as in, refresh the apiKey property - not necessarily do a full token refresh.
wdyt about _callApiKey()? I don't think that's great either... my main fud with _setApiKey() is that the return value is not intuitive imo and it'd be great if we could find a name that makes that work
There was a problem hiding this comment.
Addressed in 577ebc6.
f514473 to
a5ce6ac
Compare
1453757 to
b623760
Compare
b623760 to
0307ed5
Compare
| export interface ClientOptions { | ||
| /** | ||
| * Defaults to process.env['OPENAI_API_KEY']. | ||
| */ | ||
| apiKey?: string | undefined; | ||
|
|
||
| apiKey?: string | ApiKeySetter | undefined; |
There was a problem hiding this comment.
The docstring should mention the new function behaviour
There was a problem hiding this comment.
Good point, addressed in 577ebc6.
| @@ -385,7 +386,7 @@ export class OpenAI { | |||
|
|
|||
| this._options = options; | |||
|
|
|||
| this.apiKey = apiKey; | |||
| this.apiKey = typeof apiKey === 'string' ? apiKey : 'Missing Key'; | |||
There was a problem hiding this comment.
suggestion: should probably be something like <not set yet>?
There was a problem hiding this comment.
actually, we should move API_KEY_SENTINEL our of the azure specific file and use that
There was a problem hiding this comment.
It is only used once here so I am not sure if there is value to have it in a constant var.
tests/lib/azure.test.ts
Outdated
| let fail = true; | ||
| const testFetch = async (url: RequestInfo, req: RequestInit | undefined): Promise<Response> => { | ||
| const testFetch = async (url: any, { headers }: RequestInit = {}): Promise<Response> => { |
There was a problem hiding this comment.
q: why did you have to use any?
There was a problem hiding this comment.
Good point, addressed in 577ebc6.
src/client.ts
Outdated
| @@ -438,6 +457,31 @@ export class OpenAI { | |||
| return Errors.APIError.generate(status, error, message, headers); | |||
| } | |||
|
|
|||
| async _setToken(): Promise<boolean> { | |||
There was a problem hiding this comment.
I do dislike _set but don't feel strongly about it being called _refresh - I find it weird that a method called _setX() doesn't actually take any arguments.
fwiw I was also framing "refresh" as in, refresh the apiKey property - not necessarily do a full token refresh.
wdyt about _callApiKey()? I don't think that's great either... my main fud with _setApiKey() is that the return value is not intuitive imo and it'd be great if we could find a name that makes that work
src/beta/realtime/websocket.ts
Outdated
| @@ -49,6 +50,10 @@ export class OpenAIRealtimeWebSocket extends OpenAIRealtimeEmitter { | |||
|
|
|||
| client ??= new OpenAI({ dangerouslyAllowBrowser }); | |||
|
|
|||
| if (typeof (client as any)?._options?.apiKey !== 'string') { | |||
| throw new Error('Call the create method instead to construct the client'); | |||
There was a problem hiding this comment.
nit: this error message could be more helpful
There was a problem hiding this comment.
also, wait does this work? because _setApiKey() doesn't mutate options, won't this check always return true if you pass in a function?
should we instead define the client.apiKey fallback string as a constant and check that? e.g. if (client.apiKey === API_KEY_MISSING) { ...
There was a problem hiding this comment.
We want to check whether the user provided a function or a string at the time of constructing the OpenAI client. If the user provided a function, we can't call it here. if (client.apiKey === API_KEY_MISSING) wouldn't work because _setApiKey might have been called setting client.apiKey to a token that might have expired by the time the realtime client is being used.
There was a problem hiding this comment.
error messages are updated in 390c131
There was a problem hiding this comment.
good point about the token potentially being expired but I think my other question still stands? does this check work as intended? because we don't mutate _options, so if you originally pass in a function then typeof (client as any)?._options?.apiKey !== 'string' would always be true?
There was a problem hiding this comment.
Yes, that is the intention. If the user passed in a function, they can't construct an RT client using the constructor.
There was a problem hiding this comment.
oh I see what you mean now. The constructor is called in the factory method too. Let me address this.
src/client.ts
Outdated
| try { | ||
| const token = await apiKey(); | ||
| if (!token || typeof token !== 'string') { | ||
| throw new Errors.OpenAIError( | ||
| `Expected 'apiKey' function argument to return a string but it returned ${token}`, | ||
| ); | ||
| } | ||
| this.apiKey = token; | ||
| return true; | ||
| } catch (err: any) { | ||
| if (err instanceof Errors.OpenAIError) { | ||
| throw err; | ||
| } | ||
| throw new Errors.OpenAIError( | ||
| `Failed to get token from 'apiKey' function: ${err.message}`, | ||
| // @ts-ignore | ||
| { cause: err }, | ||
| ); | ||
| } |
There was a problem hiding this comment.
having a try catch around the whole block and then checking inside the catch if we threw isn't great, could we instead just either put the try catch just around the await apiKey()? or await apiKey().catch(...)?
There was a problem hiding this comment.
Good point, addressed in 577ebc6.
Changes being requested
This PR introduces a new
tokenProvideroption to the OpenAI client, enabling dynamic token retrieval for authentication scenarios where API keys need to be refreshed or obtained at runtime.Additional context & links
Changes
New Feature:
tokenProviderOptionTokenProvidertype definition:() => Promise<AccessToken>AccessTokeninterface withtoken: stringpropertytokenProvideroption toClientOptionsinterface_setToken()methodKey Benefits
Implementation Details
Client Construction:
tokenProviderandapiKeyare mutually exclusive - only one can be providedtokenProvider(setsdangerouslyAllowBrowser: true)Token Management:
_setToken()method now returns a boolean indicating if a token was successfully retrievedprepareOptions()Usage Example
Backward Compatibility
This change is fully backward compatible. Existing code using
apiKeycontinues to work unchanged. The newtokenProvideroption is purely additive.